目次

JHipsterのCI/CDのページ

https://www.jhipster.tech/setting-up-ci/

GitLabのCI/CDのページ

dockerで動かす際の説明 https://docs.gitlab.com/runner/install/docker.html

https://about.gitlab.com/features/continuous-integration/

.gitlab-ci.yml ファイルとは

.gitlab-ci.yml ファイルはパイプラインの構造と順序を定義し、以下のことを決めます。

.gitlab-ci.ymlのリファレンス

https://gitlab-docs.creationline.com/ee/ci/yaml/

GitLabのクイックスタート

https://gitlab-docs.creationline.com/ee/ci/quick_start/README.html

GitLabの設定サンプル

https://gitlab-docs.creationline.com/ee/ci/examples/README.html

mavenを使った例

https://gitlab-docs.creationline.com/ee/ci/examples/artifactory_and_gitlab/index.html

spring-bootを使った例

https://gitlab-docs.creationline.com/ee/ci/examples/deploy_spring_boot_to_cloud_foundry/index.html

jhipster ci-cdをためす

jhipster ci-cd

を実行してみる

選択枝でGitLabを選ぶ

In GitLab CI, perform the build in a docker container

となる。

y

を選ぶ

.gitlab-ci.yml

が変更になる

.gitlab-ci.yml に追加されたコード

追加のタスクは何もなしで進むと以下のコードが追加された

image: jhipster/jhipster:v7.9.3

cache:
  key: '$CI_COMMIT_REF_NAME'
  paths:
    - .maven/
stages:
  - check
  - build
  - test
  - analyze
  - package
  - release
  - deploy
before_script:
  - export MAVEN_USER_HOME=`pwd`/.maven

nohttp:
  stage: check
  script:
    - ./mvnw -ntp checkstyle:check -Dmaven.repo.local=$MAVEN_USER_HOME

maven-compile:
  stage: build
  script:
    - ./mvnw -ntp compile -P-webapp -Dmaven.repo.local=$MAVEN_USER_HOME
  artifacts:
    paths:
      - target/classes/
      - target/generated-sources/
    expire_in: 1 day

maven-test:
  services:
    - docker:dind

  variables:
    # Instruct Testcontainers to use the daemon of DinD.
    DOCKER_HOST: 'tcp://docker:2375'
    # Improve performance with overlayfs.
    DOCKER_DRIVER: overlay2

  stage: test
  script:
    - ./mvnw -ntp verify -P-webapp -Dmaven.repo.local=$MAVEN_USER_HOME
  artifacts:
    reports:
      junit:
        - target/surefire-reports/TEST-*.xml
        - target/failsafe-reports/TEST-*.xml
    paths:
      - target/surefire-reports
      - target/failsafe-reports
      - target/site
    expire_in: 1 day

frontend-test:
  stage: test
  script:
    - npm install
    - npm test
  artifacts:
    reports:
      junit: target/test-results/TESTS-results-jest.xml
    paths:
      - target/test-results
      - target/jacoco
    expire_in: 1 day

maven-package:
  stage: package
  script:
    - ./mvnw -ntp verify -Pprod -DskipTests -Dmaven.repo.local=$MAVEN_USER_HOME
  artifacts:
    paths:
      - target/*.jar
      - target/classes
    expire_in: 1 day
# Uncomment the following line to use gitlabs container registry. You need to adapt the REGISTRY_URL in case you are not using gitlab.com
#docker-push:
#    stage: release
#    variables:
#        REGISTRY_URL: registry.gitlab.com
#        IMAGE_TAG: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG-$CI_COMMIT_SHA
#    dependencies:
#        - maven-package
#    script:
#        - ./mvnw -ntp jib:build -Pprod -Djib.to.image=$IMAGE_TAG -Djib.to.auth.username=gitlab-ci-token  -Djib.to.auth.password=$CI_BUILD_TOKEN -Dmaven.repo.local=$MAVEN_USER_HOME

GitLab Runnerは別サーバー?

もしかしてGitLabRunner?は別サーバにたてるのだろうか?

以下に構築方法を解説しているサイトがあった。

https://www.alpha.co.jp/blog/202208_01#%E3%82%AD%E3%83%A3%E3%83%83%E3%82%B7%E3%83%A5%E3%82%A2%E3%83%BC%E3%83%86%E3%82%A3%E3%83%95%E3%82%A1%E3%82%AF%E3%83%88%E3%83%AC%E3%82%B8%E3%82%B9%E3%83%88%E3%83%AA%E3%81%AE%E6%A0%BC%E7%B4%8D%E5%A0%B4%E6%89%80

Dockerコンテナでgitlabとgitlab-runnerを構築してCI/CD

https://syachiku.net/docker-gitlab-gitlab-runner/

docker-composeに追加するコード

  gitlab-runner:
    image: gitlab/gitlab-runner:latest
    container_name: gitlab-runner
    restart: always
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /root/gitlab/gitlab-runner-config:/etc/gitlab-runner
    ports:
      - "8093:8093"

必要なディレクトリやファイルを作成

mkdir -p /root/gitlab/gitlab-runner-config

GitLab Runnerを使用する前に、GitLabの管理者アカウントでGitLab Runnerを登録する必要があります。

GitLabの公式ドキュメント

https://docs.gitlab.com/runner/

正直、オンプレミスではどうしたらよいのか親切には書いてない。

日本語の解説サイト

GitLab Runner構築のススメ

https://www.gitlab.jp/blog/2022/09/26/runner-summary/

画面のキャプチャとかあって、本家よりわかりやすいかもしれない。インストール部分は、自分はdocker-composeを使ったので、参考にしてないが、GitRunner?の登録の仕方が本家の説明で要領を得なかったので、ここを参考にした。

手順

メモしたい項目の具体的な項目名:

gitlab-runnerのコンテナ名の調査

docker-compose ps

起動させてあるのが、前提条件ですが、上記のコマンドで、実行済みのgitlab-runnerのコンテナ名を調べます。

docker-imageへのログイン

docker exec -it 上記手順で調べたドッカーコンテナ名 bash 

登録コマンドの実行

コマンドを実行する前に、どのようなコマンドがあるのか確認してみましょう。

gitlab-runner --help

gitlab-runner-2というコンテナ名で、helpオプションを実行する例

# docker exec -it gitlab-runner-2 gitlab-runner --help
NAME:
   gitlab-runner - a GitLab Runner

USAGE:
   gitlab-runner [global options] command [command options] [arguments...]

VERSION:
   15.10.1 (dcfb4b66)

AUTHOR:
   GitLab Inc. <support@gitlab.com>

COMMANDS:
   exec                  execute a build locally
   list                  List all configured runners
   run                   run multi runner service
   register              register a new runner
   reset-token           reset a runner's token
   install               install service
   uninstall             uninstall service
   start                 start service
   stop                  stop service
   restart               restart service
   status                get status of a service
   run-single            start single runner
   unregister            unregister specific runner
   verify                verify all registered runners
   artifacts-downloader  download and extract build artifacts (internal)
   artifacts-uploader    create and upload build artifacts (internal)
   cache-archiver        create and upload cache artifacts (internal)
   cache-extractor       download and extract cache artifacts (internal)
   cache-init            changed permissions for cache paths (internal)
   health-check          check health for a specific address
   read-logs             reads job logs from a file, used by kubernetes executor (internal)
   help, h               Shows a list of commands or help for one command

GLOBAL OPTIONS:
   --cpuprofile value           write cpu profile to file [$CPU_PROFILE]
   --debug                      debug mode [$RUNNER_DEBUG]
   --log-format value           Choose log format (options: runner, text, json) [$LOG_FORMAT]
   --log-level value, -l value  Log level (options: debug, info, warn, error, fatal, panic) [$LOG_LEVEL]
   --help, -h                   show help
   --version, -v                print the version

登録に実行するコマンドは、以下のコマンドですが、、

gitlab-runner register

gitlab-runner registerのオプションの量がやばい量ある件について

[root@localhost gitlab]# docker exec -it gitlab-runner-2 gitlab-runner help register
Runtime platform                                    arch=amd64 os=linux pid=171 revision=dcfb4b66 version=15.10.1
NAME:
   gitlab-runner register - register a new runner

USAGE:
   gitlab-runner register [command options] [arguments...]

OPTIONS:
   -c value, --config value                                                                   Config file [$CONFIG_FILE]
   --template-config value                                                                    Path to the configuration template file [$TEMPLATE_CONFIG_FILE]
   --tag-list value                                                                           Tag list [$RUNNER_TAG_LIST]
   -n, --non-interactive                                                                      Run registration unattended [$REGISTER_NON_INTERACTIVE]
   --leave-runner                                                                             Don't remove runner if registration fails [$REGISTER_LEAVE_RUNNER]
   -r value, --registration-token value                                                       Runner's registration token [$REGISTRATION_TOKEN]
   --run-untagged                                                                             Register to run untagged builds; defaults to 'true' when 'tag-list' is empty [$REGISTER_RUN_UNTAGGED]
   --locked                                                                                   Lock Runner for current project, defaults to 'true' [$REGISTER_LOCKED]
   --access-level value                                                                       Set access_level of the runner to not_protected or ref_protected; defaults to not_protected [$REGISTER_ACCESS_LEVEL]
   --maximum-timeout value                                                                    What is the maximum timeout (in seconds) that will be set for job when using this Runner (default: "0") [$REGISTER_MAXIMUM_TIMEOUT]
   --paused                                                                                   Set Runner to be paused, defaults to 'false' [$REGISTER_PAUSED]
   --maintenance-note value                                                                   Runner's maintenance note [$REGISTER_MAINTENANCE_NOTE]
   --name value, --description value                                                          Runner name (default: "8979973c36c6") [$RUNNER_NAME]
   --limit value                                                                              Maximum number of builds processed by this runner (default: "0") [$RUNNER_LIMIT]
   --output-limit value                                                                       Maximum build trace size in kilobytes (default: "0") [$RUNNER_OUTPUT_LIMIT]
   --request-concurrency value                                                                Maximum concurrency for job requests (default: "0") [$RUNNER_REQUEST_CONCURRENCY]
   --unhealthy-requests-limit value                                                           The number of 'unhealthy' responses to new job requests after which a runner worker will be disabled (default: "0") [$RUNNER_UNHEALTHY_REQUESTS_LIMIT]
   --unhealthy-interval value                                                                 Duration for which a runner worker is disabled after exceeding the unhealthy requests limit. Supports syntax like '3600s', '1h30min' etc
   -u value, --url value                                                                      GitLab instance URL [$CI_SERVER_URL]
   -t value, --token value                                                                    Runner token [$CI_SERVER_TOKEN]
   --tls-ca-file value                                                                        File containing the certificates to verify the peer when using HTTPS [$CI_SERVER_TLS_CA_FILE]
   --tls-cert-file value                                                                      File containing certificate for TLS client auth when using HTTPS [$CI_SERVER_TLS_CERT_FILE]
   --tls-key-file value                                                                       File containing private key for TLS client auth when using HTTPS [$CI_SERVER_TLS_KEY_FILE]
   --executor value                                                                           Select executor, eg. shell, docker, etc. [$RUNNER_EXECUTOR]
   --builds-dir value                                                                         Directory where builds are stored [$RUNNER_BUILDS_DIR]
   --cache-dir value                                                                          Directory where build cache is stored [$RUNNER_CACHE_DIR]
   --clone-url value                                                                          Overwrite the default URL used to clone or fetch the git ref [$CLONE_URL]
   --env value                                                                                Custom environment variables injected to build environment [$RUNNER_ENV]
   --pre-clone-script value                                                                   [DEPRECATED] Use pre_get_sources_script instead [$RUNNER_PRE_CLONE_SCRIPT]
   --post-clone-script value                                                                  [DEPRECATED] Use post_get_sources_script instead [$RUNNER_POST_CLONE_SCRIPT]
   --pre-get-sources-script value                                                             Runner-specific commands to be executed on the runner before updating the Git repository an updating submodules. [$RUNNER_PRE_GET_SOURCES_SCRIPT]
   --post-get-sources-script value                                                            Runner-specific commands to be executed on the runner after updating the Git repository and updating submodules. [$RUNNER_POST_GET_SOURCES_SCRIPT]
   --pre-build-script value                                                                   Runner-specific command script executed just before build executes [$RUNNER_PRE_BUILD_SCRIPT]
   --post-build-script value                                                                  Runner-specific command script executed just after build executes [$RUNNER_POST_BUILD_SCRIPT]
   --debug-trace-disabled                                                                     When set to true Runner will disable the possibility of using the CI_DEBUG_TRACE feature [$RUNNER_DEBUG_TRACE_DISABLED]
   --shell value                                                                              Select bash, sh, cmd, pwsh or powershell [$RUNNER_SHELL]
   --custom_build_dir-enabled                                                                 Enable job specific build directories [$CUSTOM_BUILD_DIR_ENABLED]
   --cache-type value                                                                         Select caching method [$CACHE_TYPE]
   --cache-path value                                                                         Name of the path to prepend to the cache URL [$CACHE_PATH]
   --cache-shared                                                                             Enable cache sharing between runners. [$CACHE_SHARED]
   --cache-max_uploaded_archive_size value                                                    Limit the size of the cache archive being uploaded to cloud storage, in bytes. (default: "0") [$CACHE_MAXIMUM_UPLOADED_ARCHIVE_SIZE]
   --cache-s3-server-address value                                                            A host:port to the used S3-compatible server [$CACHE_S3_SERVER_ADDRESS]
   --cache-s3-access-key value                                                                S3 Access Key [$CACHE_S3_ACCESS_KEY]
   --cache-s3-secret-key value                                                                S3 Secret Key [$CACHE_S3_SECRET_KEY]
   --cache-s3-bucket-name value                                                               Name of the bucket where cache will be stored [$CACHE_S3_BUCKET_NAME]
   --cache-s3-bucket-location value                                                           Name of S3 region [$CACHE_S3_BUCKET_LOCATION]
   --cache-s3-insecure                                                                        Use insecure mode (without https) [$CACHE_S3_INSECURE]
   --cache-s3-authentication_type value                                                       IAM or credentials [$CACHE_S3_AUTHENTICATION_TYPE]
   --cache-s3-server-side-encryption value                                                    Server side encryption type (S3, or KMS) [$CACHE_S3_SERVER_SIDE_ENCRYPTION]
   --cache-s3-server-side-encryption-key-id value                                             Server side encryption key ID (alias or Key ID) [$CACHE_S3_SERVER_SIDE_ENCRYPTION_KEY_ID]
   --cache-gcs-access-id value                                                                ID of GCP Service Account used to access the storage [$CACHE_GCS_ACCESS_ID]
   --cache-gcs-private-key value                                                              Private key used to sign GCS requests [$CACHE_GCS_PRIVATE_KEY]
   --cache-gcs-credentials-file value                                                         File with GCP credentials, containing AccessID and PrivateKey [$GOOGLE_APPLICATION_CREDENTIALS]
   --cache-gcs-bucket-name value                                                              Name of the bucket where cache will be stored [$CACHE_GCS_BUCKET_NAME]
   --cache-azure-account-name value                                                           Account name for Azure Blob Storage [$CACHE_AZURE_ACCOUNT_NAME]
   --cache-azure-account-key value                                                            Access key for Azure Blob Storage [$CACHE_AZURE_ACCOUNT_KEY]
   --cache-azure-container-name value                                                         Name of the Azure container where cache will be stored [$CACHE_AZURE_CONTAINER_NAME]
   --cache-azure-storage-domain value                                                         Domain name of the Azure storage (e.g. blob.core.windows.net) [$CACHE_AZURE_STORAGE_DOMAIN]
   --feature-flags value                                                                      Enable/Disable feature flags https://docs.gitlab.com/runner/configuration/feature-flags.html (default: "{}") [$FEATURE_FLAGS]
   --ssh-user value                                                                           User name [$SSH_USER]
   --ssh-password value                                                                       User password [$SSH_PASSWORD]
   --ssh-host value                                                                           Remote host [$SSH_HOST]
   --ssh-port value                                                                           Remote host port [$SSH_PORT]
   --ssh-identity-file value                                                                  Identity file to be used [$SSH_IDENTITY_FILE]
   --ssh-disable-strict-host-key-checking value                                               Disable SSH strict host key checking [$DISABLE_STRICT_HOST_KEY_CHECKING]
   --ssh-known-hosts-file value                                                               Location of known_hosts file. Defaults to ~/.ssh/known_hosts [$KNOWN_HOSTS_FILE]
   --docker-host value                                                                        Docker daemon address [$DOCKER_HOST]
   --docker-cert-path value                                                                   Certificate path [$DOCKER_CERT_PATH]
   --docker-tlsverify                                                                         Use TLS and verify the remote [$DOCKER_TLS_VERIFY]
   --docker-hostname value                                                                    Custom container hostname [$DOCKER_HOSTNAME]
   --docker-image value                                                                       Docker image to be used [$DOCKER_IMAGE]
   --docker-runtime value                                                                     Docker runtime to be used [$DOCKER_RUNTIME]
   --docker-memory value                                                                      Memory limit (format: <number>[<unit>]). Unit can be one of b, k, m, or g. Minimum is 4M. [$DOCKER_MEMORY]
   --docker-memory-swap value                                                                 Total memory limit (memory + swap, format: <number>[<unit>]). Unit can be one of b, k, m, or g. [$DOCKER_MEMORY_SWAP]
   --docker-memory-reservation value                                                          Memory soft limit (format: <number>[<unit>]). Unit can be one of b, k, m, or g. [$DOCKER_MEMORY_RESERVATION]
   --docker-cpuset-cpus value                                                                 String value containing the cgroups CpusetCpus to use [$DOCKER_CPUSET_CPUS]
   --docker-cpus value                                                                        Number of CPUs [$DOCKER_CPUS]
   --docker-cpu-shares value                                                                  Number of CPU shares (default: "0") [$DOCKER_CPU_SHARES]
   --docker-dns value                                                                         A list of DNS servers for the container to use [$DOCKER_DNS]
   --docker-dns-search value                                                                  A list of DNS search domains [$DOCKER_DNS_SEARCH]
   --docker-privileged                                                                        Give extended privileges to container [$DOCKER_PRIVILEGED]
   --docker-services_privileged value                                                         When set this will give or remove extended privileges to container services [$DOCKER_SERVICES_PRIVILEGED]
   --docker-disable-entrypoint-overwrite                                                      Disable the possibility for a container to overwrite the default image entrypoint [$DOCKER_DISABLE_ENTRYPOINT_OVERWRITE]
   --docker-user value                                                                        Run all commands in the container as the specified user. [$DOCKER_USER]
   --docker-userns value                                                                      User namespace to use [$DOCKER_USERNS_MODE]
   --docker-cap-add value                                                                     Add Linux capabilities [$DOCKER_CAP_ADD]
   --docker-cap-drop value                                                                    Drop Linux capabilities [$DOCKER_CAP_DROP]
   --docker-oom-kill-disable                                                                  Do not kill processes in a container if an out-of-memory (OOM) error occurs [$DOCKER_OOM_KILL_DISABLE]
   --docker-oom-score-adjust value                                                            Adjust OOM score (default: "0") [$DOCKER_OOM_SCORE_ADJUST]
   --docker-security-opt value                                                                Security Options [$DOCKER_SECURITY_OPT]
   --docker-services-security-opt value                                                       Security Options for container services [$DOCKER_SERVICES_SECURITY_OPT]
   --docker-devices value, --omitempty value                                                  Add a host device to the container [$DOCKER_DEVICES]
   --docker-device-cgroup-rules value                                                         Add a device cgroup rule to the container [$DOCKER_DEVICE_CGROUP_RULES]
   --docker-gpus value                                                                        Request GPUs to be used by Docker [$DOCKER_GPUS]
   --docker-disable-cache                                                                     Disable all container caching [$DOCKER_DISABLE_CACHE]
   --docker-volumes value                                                                     Bind-mount a volume and create it if it doesn't exist prior to mounting. Can be specified multiple times once per mountpoint, e.g. --docker-volumes 'test0:/test0' --docker-volumes 'test1:/test1' [$DOCKER_VOLUMES]
   --docker-volume-driver value                                                               Volume driver to be used [$DOCKER_VOLUME_DRIVER]
   --docker-volume-driver-ops value                                                           A toml table/json object with the format key=values. Volume driver ops to be specified (default: "{}") [$DOCKER_VOLUME_DRIVER_OPS]
   --docker-cache-dir value                                                                   Directory where to store caches [$DOCKER_CACHE_DIR]
   --docker-extra-hosts value                                                                 Add a custom host-to-IP mapping [$DOCKER_EXTRA_HOSTS]
   --docker-volumes-from value                                                                A list of volumes to inherit from another container [$DOCKER_VOLUMES_FROM]
   --docker-network-mode value                                                                Add container to a custom network [$DOCKER_NETWORK_MODE]
   --docker-ipcmode value                                                                     Select IPC mode for container [$DOCKER_IPC_MODE]
   --docker-mac-address value                                                                 Container MAC address (e.g., 92:d0:c6:0a:29:33) [$DOCKER_MAC_ADDRESS]
   --docker-links value                                                                       Add link to another container [$DOCKER_LINKS]
   --docker-wait-for-services-timeout value                                                   How long to wait for service startup (default: "0") [$DOCKER_WAIT_FOR_SERVICES_TIMEOUT]
   --docker-allowed-images value                                                              Image allowlist [$DOCKER_ALLOWED_IMAGES]
   --docker-allowed-pull-policies value                                                       Pull policy allowlist [$DOCKER_ALLOWED_PULL_POLICIES]
   --docker-allowed-services value                                                            Service allowlist [$DOCKER_ALLOWED_SERVICES]
   --docker-pull-policy value                                                                 Image pull policy: never, if-not-present, always [$DOCKER_PULL_POLICY]
   --docker-isolation value                                                                   Container isolation technology. Windows only [$DOCKER_ISOLATION]
   --docker-shm-size value                                                                    Shared memory size for docker images (in bytes) (default: "0") [$DOCKER_SHM_SIZE]
   --docker-tmpfs value                                                                       A toml table/json object with the format key=values. When set this will mount the specified path in the key as a tmpfs volume in the main container, using the options specified as key. For the supported options, see the documentation for the unix 'mount' command (default: "{}") [$DOCKER_TMPFS]
   --docker-services-tmpfs value                                                              A toml table/json object with the format key=values. When set this will mount the specified path in the key as a tmpfs volume in all the service containers, using the options specified as key. For the supported options, see the documentation for the unix 'mount' command (default: "{}") [$DOCKER_SERVICES_TMPFS]
   --docker-sysctls value                                                                     Sysctl options, a toml table/json object of key=value. Value is expected to be a string. (default: "{}") [$DOCKER_SYSCTLS]
   --docker-helper-image value                                                                [ADVANCED] Override the default helper image used to clone repos and upload artifacts [$DOCKER_HELPER_IMAGE]
   --docker-helper-image-flavor value                                                         Set helper image flavor (alpine, ubuntu), defaults to alpine [$DOCKER_HELPER_IMAGE_FLAVOR]
   --docker-container-labels value                                                            A toml table/json object of key-value. Value is expected to be a string. When set, this will create containers with the given container labels. Environment variables will be substituted for values here. (default: "{}")
   --docker-enable-ipv6                                                                       Enable IPv6 for automatically created networks. This is only takes affect when the feature flag FF_NETWORK_PER_BUILD is enabled.
   --parallels-base-name value                                                                VM name to be used [$PARALLELS_BASE_NAME]
   --parallels-template-name value                                                            VM template to be created [$PARALLELS_TEMPLATE_NAME]
   --parallels-disable-snapshots                                                              Disable snapshoting to speedup VM creation [$PARALLELS_DISABLE_SNAPSHOTS]
   --parallels-time-server value                                                              Timeserver to sync the guests time from. Defaults to time.apple.com [$PARALLELS_TIME_SERVER]
   --parallels-allowed-images value                                                           Image (base_name) allowlist [$PARALLELS_ALLOWED_IMAGES]
   --virtualbox-base-name value                                                               VM name to be used [$VIRTUALBOX_BASE_NAME]
   --virtualbox-base-snapshot value                                                           Name or UUID of a specific VM snapshot to clone [$VIRTUALBOX_BASE_SNAPSHOT]
   --virtualbox-base-folder value                                                             Folder in which to save the new VM. If empty, uses VirtualBox default [$VIRTUALBOX_BASE_FOLDER]
   --virtualbox-disable-snapshots                                                             Disable snapshoting to speedup VM creation [$VIRTUALBOX_DISABLE_SNAPSHOTS]
   --virtualbox-allowed-images value                                                          Image allowlist [$VIRTUALBOX_ALLOWED_IMAGES]
   --virtualbox-start-type value                                                              Graphical front-end type [$VIRTUALBOX_START_TYPE]
   --machine-max-growth-rate value                                                            Maximum machines being provisioned concurrently, set to 0 for unlimited (default: "0") [$MACHINE_MAX_GROWTH_RATE]
   --machine-idle-nodes value                                                                 Maximum idle machines (default: "0") [$MACHINE_IDLE_COUNT]
   --machine-idle-scale-factor value                                                          (Experimental) Defines what factor of in-use machines should be used as current idle value, but never more then defined IdleCount. 0.0 means use IdleCount as a static number (defaults to 0.0). Must be defined as float number. (default: "0") [$MACHINE_IDLE_SCALE_FACTOR]
   --machine-idle-count-min value                                                             Minimal number of idle machines when IdleScaleFactor is in use. Defaults to 1. (default: "0") [$MACHINE_IDLE_COUNT_MIN]
   --machine-idle-time value                                                                  Minimum time after node can be destroyed (default: "0") [$MACHINE_IDLE_TIME]
   --machine-max-builds value                                                                 Maximum number of builds processed by machine (default: "0") [$MACHINE_MAX_BUILDS]
   --machine-machine-driver value                                                             The driver to use when creating machine [$MACHINE_DRIVER]
   --machine-machine-name value                                                               The template for machine name (needs to include %s) [$MACHINE_NAME]
   --machine-machine-options value                                                            Additional machine creation options [$MACHINE_OPTIONS]
   --kubernetes-host value                                                                    Optional Kubernetes master host URL (auto-discovery attempted if not specified) [$KUBERNETES_HOST]
   --kubernetes-cert-file value                                                               Optional Kubernetes master auth certificate [$KUBERNETES_CERT_FILE]
   --kubernetes-key-file value                                                                Optional Kubernetes master auth private key [$KUBERNETES_KEY_FILE]
   --kubernetes-ca-file value                                                                 Optional Kubernetes master auth ca certificate [$KUBERNETES_CA_FILE]
   --kubernetes-bearer_token_overwrite_allowed                                                Bool to authorize builds to specify their own bearer token for creation. [$KUBERNETES_BEARER_TOKEN_OVERWRITE_ALLOWED]
   --kubernetes-bearer_token value                                                            Optional Kubernetes service account token used to start build pods. [$KUBERNETES_BEARER_TOKEN]
   --kubernetes-image value                                                                   Default docker image to use for builds when none is specified [$KUBERNETES_IMAGE]
   --kubernetes-namespace value                                                               Namespace to run Kubernetes jobs in [$KUBERNETES_NAMESPACE]
   --kubernetes-namespace_overwrite_allowed value                                             Regex to validate 'KUBERNETES_NAMESPACE_OVERWRITE' value [$KUBERNETES_NAMESPACE_OVERWRITE_ALLOWED]
   --kubernetes-privileged value                                                              Run all containers with the privileged flag enabled [$KUBERNETES_PRIVILEGED]
   --kubernetes-runtime-class-name value                                                      A Runtime Class to use for all created pods, errors if the feature is unsupported by the cluster [$KUBERNETES_RUNTIME_CLASS_NAME]
   --kubernetes-allow-privilege-escalation value                                              Run all containers with the security context allowPrivilegeEscalation flag enabled. When empty, it does not define the allowPrivilegeEscalation flag in the container SecurityContext and allows Kubernetes to use the default privilege escalation behavior. [$KUBERNETES_ALLOW_PRIVILEGE_ESCALATION]
   --kubernetes-cpu-limit value                                                               The CPU allocation given to build containers [$KUBERNETES_CPU_LIMIT]
   --kubernetes-cpu-limit-overwrite-max-allowed value                                         If set, the max amount the cpu limit can be set to. Used with the KUBERNETES_CPU_LIMIT variable in the build. [$KUBERNETES_CPU_LIMIT_OVERWRITE_MAX_ALLOWED]
   --kubernetes-cpu-request value                                                             The CPU allocation requested for build containers [$KUBERNETES_CPU_REQUEST]
   --kubernetes-cpu-request-overwrite-max-allowed value                                       If set, the max amount the cpu request can be set to. Used with the KUBERNETES_CPU_REQUEST variable in the build. [$KUBERNETES_CPU_REQUEST_OVERWRITE_MAX_ALLOWED]
   --kubernetes-memory-limit value                                                            The amount of memory allocated to build containers [$KUBERNETES_MEMORY_LIMIT]
   --kubernetes-memory-limit-overwrite-max-allowed value                                      If set, the max amount the memory limit can be set to. Used with the KUBERNETES_MEMORY_LIMIT variable in the build. [$KUBERNETES_MEMORY_LIMIT_OVERWRITE_MAX_ALLOWED]
   --kubernetes-memory-request value                                                          The amount of memory requested from build containers [$KUBERNETES_MEMORY_REQUEST]
   --kubernetes-memory-request-overwrite-max-allowed value                                    If set, the max amount the memory request can be set to. Used with the KUBERNETES_MEMORY_REQUEST variable in the build. [$KUBERNETES_MEMORY_REQUEST_OVERWRITE_MAX_ALLOWED]
   --kubernetes-ephemeral-storage-limit value                                                 The amount of ephemeral storage allocated to build containers [$KUBERNETES_EPHEMERAL_STORAGE_LIMIT]
   --kubernetes-ephemeral-storage-limit-overwrite-max-allowed value                           If set, the max amount the ephemeral limit can be set to. Used with the KUBERNETES_EPHEMERAL_STORAGE_LIMIT variable in the build. [$KUBERNETES_EPHEMERAL_STORAGE_LIMIT_OVERWRITE_MAX_ALLOWED]
   --kubernetes-ephemeral-storage-request value                                               The amount of ephemeral storage requested from build containers [$KUBERNETES_EPHEMERAL_STORAGE_REQUEST]
   --kubernetes-ephemeral-storage-request-overwrite-max-allowed value                         If set, the max amount the ephemeral storage request can be set to. Used with the KUBERNETES_EPHEMERAL_STORAGE_REQUEST variable in the build. [$KUBERNETES_EPHEMERAL_STORAGE_REQUEST_OVERWRITE_MAX_ALLOWED]
   --kubernetes-service-cpu-limit value                                                       The CPU allocation given to build service containers [$KUBERNETES_SERVICE_CPU_LIMIT]
   --kubernetes-service-cpu-limit-overwrite-max-allowed value                                 If set, the max amount the service cpu limit can be set to. Used with the KUBERNETES_SERVICE_CPU_LIMIT variable in the build. [$KUBERNETES_SERVICE_CPU_LIMIT_OVERWRITE_MAX_ALLOWED]
   --kubernetes-service-cpu-request value                                                     The CPU allocation requested for build service containers [$KUBERNETES_SERVICE_CPU_REQUEST]
   --kubernetes-service-cpu-request-overwrite-max-allowed value                               If set, the max amount the service cpu request can be set to. Used with the KUBERNETES_SERVICE_CPU_REQUEST variable in the build. [$KUBERNETES_SERVICE_CPU_REQUEST_OVERWRITE_MAX_ALLOWED]
   --kubernetes-service-memory-limit value                                                    The amount of memory allocated to build service containers [$KUBERNETES_SERVICE_MEMORY_LIMIT]
   --kubernetes-service-memory-limit-overwrite-max-allowed value                              If set, the max amount the service memory limit can be set to. Used with the KUBERNETES_SERVICE_MEMORY_LIMIT variable in the build. [$KUBERNETES_SERVICE_MEMORY_LIMIT_OVERWRITE_MAX_ALLOWED]
   --kubernetes-service-memory-request value                                                  The amount of memory requested for build service containers [$KUBERNETES_SERVICE_MEMORY_REQUEST]
   --kubernetes-service-memory-request-overwrite-max-allowed value                            If set, the max amount the service memory request can be set to. Used with the KUBERNETES_SERVICE_MEMORY_REQUEST variable in the build. [$KUBERNETES_SERVICE_MEMORY_REQUEST_OVERWRITE_MAX_ALLOWED]
   --kubernetes-service-ephemeral_storage-limit value                                         The amount of ephemeral storage allocated to build service containers [$KUBERNETES_SERVICE_EPHEMERAL_STORAGE_LIMIT]
   --kubernetes-service-ephemeral_storage-limit-overwrite-max-allowed value                   If set, the max amount the service ephemeral storage limit can be set to. Used with the KUBERNETES_SERVICE_EPHEMERAL_STORAGE_LIMIT variable in the build. [$KUBERNETES_SERVICE_EPHEMERAL_STORAGE_LIMIT_OVERWRITE_MAX_ALLOWED]
   --kubernetes-service-ephemeral_storage-request value                                       The amount of ephemeral storage requested for build service containers [$KUBERNETES_SERVICE_EPHEMERAL_STORAGE_REQUEST]
   --kubernetes-service-ephemeral_storage-request-overwrite-max-allowed value                 If set, the max amount the service ephemeral storage request can be set to. Used with the KUBERNETES_SERVICE_EPHEMERAL_STORAGE_REQUEST variable in the build. [$KUBERNETES_SERVICE_EPHEMERAL_STORAGE_REQUEST_OVERWRITE_MAX_ALLOWED]
   --kubernetes-helper-cpu-limit value                                                        The CPU allocation given to build helper containers [$KUBERNETES_HELPER_CPU_LIMIT]
   --kubernetes-helper-cpu-limit-overwrite-max-allowed value                                  If set, the max amount the helper cpu limit can be set to. Used with the KUBERNETES_HELPER_CPU_LIMIT variable in the build. [$KUBERNETES_HELPER_CPU_LIMIT_OVERWRITE_MAX_ALLOWED]
   --kubernetes-helper-cpu-request value                                                      The CPU allocation requested for build helper containers [$KUBERNETES_HELPER_CPU_REQUEST]
   --kubernetes-helper-cpu-request-overwrite-max-allowed value                                If set, the max amount the helper cpu request can be set to. Used with the KUBERNETES_HELPER_CPU_REQUEST variable in the build. [$KUBERNETES_HELPER_CPU_REQUEST_OVERWRITE_MAX_ALLOWED]
   --kubernetes-helper-memory-limit value                                                     The amount of memory allocated to build helper containers [$KUBERNETES_HELPER_MEMORY_LIMIT]
   --kubernetes-helper-memory-limit-overwrite-max-allowed value                               If set, the max amount the helper memory limit can be set to. Used with the KUBERNETES_HELPER_MEMORY_LIMIT variable in the build. [$KUBERNETES_HELPER_MEMORY_LIMIT_OVERWRITE_MAX_ALLOWED]
   --kubernetes-helper-memory-request value                                                   The amount of memory requested for build helper containers [$KUBERNETES_HELPER_MEMORY_REQUEST]
   --kubernetes-helper-memory-request-overwrite-max-allowed value                             If set, the max amount the helper memory request can be set to. Used with the KUBERNETES_HELPER_MEMORY_REQUEST variable in the build. [$KUBERNETES_HELPER_MEMORY_REQUEST_OVERWRITE_MAX_ALLOWED]
   --kubernetes-helper-ephemeral_storage-limit value                                          The amount of ephemeral storage allocated to build helper containers [$KUBERNETES_HELPER_EPHEMERAL_STORAGE_LIMIT]
   --kubernetes-helper-ephemeral_storage-limit-overwrite-max-allowed value                    If set, the max amount the helper ephemeral storage limit can be set to. Used with the KUBERNETES_HELPER_EPHEMERAL_STORAGE_LIMIT variable in the build. [$KUBERNETES_HELPER_EPHEMERAL_STORAGE_LIMIT_OVERWRITE_MAX_ALLOWED]
   --kubernetes-helper-ephemeral_storage-request value                                        The amount of ephemeral storage requested for build helper containers [$KUBERNETES_HELPER_EPHEMERAL_STORAGE_REQUEST]
   --kubernetes-helper-ephemeral_storage-request-overwrite-max-allowed value                  If set, the max amount the helper ephemeral storage request can be set to. Used with the KUBERNETES_HELPER_EPHEMERAL_STORAGE_REQUEST variable in the build. [$KUBERNETES_HELPER_EPHEMERAL_STORAGE_REQUEST_OVERWRITE_MAX_ALLOWED]
   --kubernetes-allowed-images value                                                          Image allowlist [$KUBERNETES_ALLOWED_IMAGES]
   --kubernetes-allowed-pull-policies value                                                   Pull policy allowlist [$KUBERNETES_ALLOWED_PULL_POLICIES]
   --kubernetes-allowed-services value                                                        Service allowlist [$KUBERNETES_ALLOWED_SERVICES]
   --kubernetes-pull-policy value                                                             Policy for if/when to pull a container image (never, if-not-present, always). The cluster default will be used if not set [$KUBERNETES_PULL_POLICY]
   --kubernetes-node-selector value                                                           A toml table/json object of key:value. Value is expected to be a string. When set this will create pods on k8s nodes that match all the key:value pairs. Only one selector is supported through environment variable configuration. (default: "{}") [$KUBERNETES_NODE_SELECTOR]
   --kubernetes-node_selector_overwrite_allowed value                                         Regex to validate 'KUBERNETES_NODE_SELECTOR_*' values [$KUBERNETES_NODE_SELECTOR_OVERWRITE_ALLOWED]
   --kubernetes-node-tolerations value                                                        A toml table/json object of key=value:effect. Value and effect are expected to be strings. When set, pods will tolerate the given taints. Only one toleration is supported through environment variable configuration. (default: "{}") [$KUBERNETES_NODE_TOLERATIONS]
   --kubernetes-image-pull-secrets value                                                      A list of image pull secrets that are used for pulling docker image [$KUBERNETES_IMAGE_PULL_SECRETS]
   --kubernetes-helper-image value                                                            [ADVANCED] Override the default helper image used to clone repos and upload artifacts [$KUBERNETES_HELPER_IMAGE]
   --kubernetes-helper-image-flavor value                                                     Set helper image flavor (alpine, ubuntu), defaults to alpine [$KUBERNETES_HELPER_IMAGE_FLAVOR]
   --kubernetes-terminationGracePeriodSeconds value                                           Duration after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal.DEPRECATED: use KUBERNETES_POD_TERMINATION_GRACE_PERIOD_SECONDS and KUBERNETES_CLEANUP_GRACE_PERIOD_SECONDS instead. [$KUBERNETES_TERMINATIONGRACEPERIODSECONDS]
   --kubernetes-pod_termination_grace_period_seconds value                                    Pod-level setting which determines the duration in seconds which the pod has to terminate gracefully. After this, the processes are forcibly halted with a kill signal. Ignored if KUBERNETES_TERMINATIONGRACEPERIODSECONDS is specified. [$KUBERNETES_POD_TERMINATION_GRACE_PERIOD_SECONDS]
   --kubernetes-cleanup_grace_period_seconds value                                            When cleaning up a pod on completion of a job, the duration in seconds which the pod has to terminate gracefully. After this, the processes are forcibly halted with a kill signal. Ignored if KUBERNETES_TERMINATIONGRACEPERIODSECONDS is specified. [$KUBERNETES_CLEANUP_GRACE_PERIOD_SECONDS]
   --kubernetes-poll-interval value                                                           How frequently, in seconds, the runner will poll the Kubernetes pod it has just created to check its status (default: "0") [$KUBERNETES_POLL_INTERVAL]
   --kubernetes-poll-timeout value                                                            The total amount of time, in seconds, that needs to pass before the runner will timeout attempting to connect to the pod it has just created (useful for queueing more builds that the cluster can handle at a time) (default: "0") [$KUBERNETES_POLL_TIMEOUT]
   --kubernetes-resource-availability-check-max-attempts value                                The maximum number of attempts to check if a resource (service account and/or pull secret) set is available before giving up. There is 5 seconds interval between each attempt (default: "0") [$KUBERNETES_RESOURCE_AVAILABILITY_CHECK_MAX_ATTEMPTS]
   --kubernetes-pod-labels value                                                              A toml table/json object of key-value. Value is expected to be a string. When set, this will create pods with the given pod labels. Environment variables will be substituted for values here. (default: "{}")
   --kubernetes-pod_labels_overwrite_allowed value                                            Regex to validate 'KUBERNETES_POD_LABELS_*' values [$KUBERNETES_POD_LABELS_OVERWRITE_ALLOWED]
   --kubernetes-scheduler-name value                                                          Pods will be scheduled using this scheduler, if it exists [$KUBERNETES_SCHEDULER_NAME]
   --kubernetes-service-account value                                                         Executor pods will use this Service Account to talk to kubernetes API [$KUBERNETES_SERVICE_ACCOUNT]
   --kubernetes-service_account_overwrite_allowed value                                       Regex to validate 'KUBERNETES_SERVICE_ACCOUNT' value [$KUBERNETES_SERVICE_ACCOUNT_OVERWRITE_ALLOWED]
   --kubernetes-pod-annotations value                                                         A toml table/json object of key-value. Value is expected to be a string. When set, this will create pods with the given annotations. Can be overwritten in build with KUBERNETES_POD_ANNOTATION_* variables (default: "{}")
   --kubernetes-pod_annotations_overwrite_allowed value                                       Regex to validate 'KUBERNETES_POD_ANNOTATIONS_*' values [$KUBERNETES_POD_ANNOTATIONS_OVERWRITE_ALLOWED]
   --kubernetes-pod-security-context-fs-group value                                           A special supplemental group that applies to all containers in a pod [$KUBERNETES_POD_SECURITY_CONTEXT_FS_GROUP]
   --kubernetes-pod-security-context-run-as-group value                                       The GID to run the entrypoint of the container process [$KUBERNETES_POD_SECURITY_CONTEXT_RUN_AS_GROUP]
   --kubernetes-pod-security-context-run-as-non-root value                                    Indicates that the container must run as a non-root user [$KUBERNETES_POD_SECURITY_CONTEXT_RUN_AS_NON_ROOT]
   --kubernetes-pod-security-context-run-as-user value                                        The UID to run the entrypoint of the container process [$KUBERNETES_POD_SECURITY_CONTEXT_RUN_AS_USER]
   --kubernetes-pod-security-context-supplemental-groups value                                A list of groups applied to the first process run in each container, in addition to the container's primary GID
   --kubernetes-pod-security-context-selinux-type value                                       The SELinux type label that applies to all containers in a pod
   --kubernetes-init_permissions_container_security_context-capabilities-add value            List of capabilities to add to the build container [$KUBERNETES_INIT_PERMISSIONS_CONTAINER_SECURITY_CONTEXT_CAPABILITIES_ADD]
   --kubernetes-init_permissions_container_security_context-capabilities-drop value           List of capabilities to drop from the build container [$KUBERNETES_INIT_PERMISSIONS_CONTAINER_SECURITY_CONTEXT_CAPABILITIES_DROP]
   --kubernetes-init_permissions_container_security_context-privileged value                  Run container in privileged mode [$KUBERNETES_INIT_PERMISSIONS_CONTAINER_SECURITY_CONTEXT_PRIVILEGED]
   --kubernetes-init_permissions_container_security_context-run-as-user value                 The UID to run the entrypoint of the container process [$KUBERNETES_INIT_PERMISSIONS_CONTAINER_SECURITY_CONTEXT_RUN_AS_USER]
   --kubernetes-init_permissions_container_security_context-run-as-group value                The GID to run the entrypoint of the container process [$KUBERNETES_INIT_PERMISSIONS_CONTAINER_SECURITY_CONTEXT_RUN_AS_GROUP]
   --kubernetes-init_permissions_container_security_context-run-as-non-root value             Indicates that the container must run as a non-root user [$KUBERNETES_INIT_PERMISSIONS_CONTAINER_SECURITY_CONTEXT_RUN_AS_NON_ROOT]
   --kubernetes-init_permissions_container_security_context-read-only-root-filesystem value   Whether this container has a read-only root filesystem. [$KUBERNETES_INIT_PERMISSIONS_CONTAINER_SECURITY_CONTEXT_READ_ONLY_ROOT_FILESYSTEM]
   --kubernetes-init_permissions_container_security_context-allow-privilege-escalation value  AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process [$KUBERNETES_INIT_PERMISSIONS_CONTAINER_SECURITY_CONTEXT_ALLOW_PRIVILEGE_ESCALATION]
   --kubernetes-init_permissions_container_security_context-selinux-type value                The SELinux type label that is associated with the container process
   --kubernetes-init_permissions_container_security_context-proc-mount value                  Denotes the type of proc mount to use for the container. Valid values: default | unmasked. Set to unmasked if this container will be used to build OCI images. [$KUBERNETES_INIT_PERMISSIONS_CONTAINER_SECURITY_CONTEXT_PROC_MOUNT]
   --kubernetes-build_container_security_context-capabilities-add value                       List of capabilities to add to the build container [$KUBERNETES_BUILD_CONTAINER_SECURITY_CONTEXT_CAPABILITIES_ADD]
   --kubernetes-build_container_security_context-capabilities-drop value                      List of capabilities to drop from the build container [$KUBERNETES_BUILD_CONTAINER_SECURITY_CONTEXT_CAPABILITIES_DROP]
   --kubernetes-build_container_security_context-privileged value                             Run container in privileged mode [$KUBERNETES_BUILD_CONTAINER_SECURITY_CONTEXT_PRIVILEGED]
   --kubernetes-build_container_security_context-run-as-user value                            The UID to run the entrypoint of the container process [$KUBERNETES_BUILD_CONTAINER_SECURITY_CONTEXT_RUN_AS_USER]
   --kubernetes-build_container_security_context-run-as-group value                           The GID to run the entrypoint of the container process [$KUBERNETES_BUILD_CONTAINER_SECURITY_CONTEXT_RUN_AS_GROUP]
   --kubernetes-build_container_security_context-run-as-non-root value                        Indicates that the container must run as a non-root user [$KUBERNETES_BUILD_CONTAINER_SECURITY_CONTEXT_RUN_AS_NON_ROOT]
   --kubernetes-build_container_security_context-read-only-root-filesystem value              Whether this container has a read-only root filesystem. [$KUBERNETES_BUILD_CONTAINER_SECURITY_CONTEXT_READ_ONLY_ROOT_FILESYSTEM]
   --kubernetes-build_container_security_context-allow-privilege-escalation value             AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process [$KUBERNETES_BUILD_CONTAINER_SECURITY_CONTEXT_ALLOW_PRIVILEGE_ESCALATION]
   --kubernetes-build_container_security_context-selinux-type value                           The SELinux type label that is associated with the container process
   --kubernetes-build_container_security_context-proc-mount value                             Denotes the type of proc mount to use for the container. Valid values: default | unmasked. Set to unmasked if this container will be used to build OCI images. [$KUBERNETES_BUILD_CONTAINER_SECURITY_CONTEXT_PROC_MOUNT]
   --kubernetes-helper_container_security_context-capabilities-add value                      List of capabilities to add to the build container [$KUBERNETES_HELPER_CONTAINER_SECURITY_CONTEXT_CAPABILITIES_ADD]
   --kubernetes-helper_container_security_context-capabilities-drop value                     List of capabilities to drop from the build container [$KUBERNETES_HELPER_CONTAINER_SECURITY_CONTEXT_CAPABILITIES_DROP]
   --kubernetes-helper_container_security_context-privileged value                            Run container in privileged mode [$KUBERNETES_HELPER_CONTAINER_SECURITY_CONTEXT_PRIVILEGED]
   --kubernetes-helper_container_security_context-run-as-user value                           The UID to run the entrypoint of the container process [$KUBERNETES_HELPER_CONTAINER_SECURITY_CONTEXT_RUN_AS_USER]
   --kubernetes-helper_container_security_context-run-as-group value                          The GID to run the entrypoint of the container process [$KUBERNETES_HELPER_CONTAINER_SECURITY_CONTEXT_RUN_AS_GROUP]
   --kubernetes-helper_container_security_context-run-as-non-root value                       Indicates that the container must run as a non-root user [$KUBERNETES_HELPER_CONTAINER_SECURITY_CONTEXT_RUN_AS_NON_ROOT]
   --kubernetes-helper_container_security_context-read-only-root-filesystem value             Whether this container has a read-only root filesystem. [$KUBERNETES_HELPER_CONTAINER_SECURITY_CONTEXT_READ_ONLY_ROOT_FILESYSTEM]
   --kubernetes-helper_container_security_context-allow-privilege-escalation value            AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process [$KUBERNETES_HELPER_CONTAINER_SECURITY_CONTEXT_ALLOW_PRIVILEGE_ESCALATION]
   --kubernetes-helper_container_security_context-selinux-type value                          The SELinux type label that is associated with the container process
   --kubernetes-helper_container_security_context-proc-mount value                            Denotes the type of proc mount to use for the container. Valid values: default | unmasked. Set to unmasked if this container will be used to build OCI images. [$KUBERNETES_HELPER_CONTAINER_SECURITY_CONTEXT_PROC_MOUNT]
   --kubernetes-service_container_security_context-capabilities-add value                     List of capabilities to add to the build container [$KUBERNETES_SERVICE_CONTAINER_SECURITY_CONTEXT_CAPABILITIES_ADD]
   --kubernetes-service_container_security_context-capabilities-drop value                    List of capabilities to drop from the build container [$KUBERNETES_SERVICE_CONTAINER_SECURITY_CONTEXT_CAPABILITIES_DROP]
   --kubernetes-service_container_security_context-privileged value                           Run container in privileged mode [$KUBERNETES_SERVICE_CONTAINER_SECURITY_CONTEXT_PRIVILEGED]
   --kubernetes-service_container_security_context-run-as-user value                          The UID to run the entrypoint of the container process [$KUBERNETES_SERVICE_CONTAINER_SECURITY_CONTEXT_RUN_AS_USER]
   --kubernetes-service_container_security_context-run-as-group value                         The GID to run the entrypoint of the container process [$KUBERNETES_SERVICE_CONTAINER_SECURITY_CONTEXT_RUN_AS_GROUP]
   --kubernetes-service_container_security_context-run-as-non-root value                      Indicates that the container must run as a non-root user [$KUBERNETES_SERVICE_CONTAINER_SECURITY_CONTEXT_RUN_AS_NON_ROOT]
   --kubernetes-service_container_security_context-read-only-root-filesystem value            Whether this container has a read-only root filesystem. [$KUBERNETES_SERVICE_CONTAINER_SECURITY_CONTEXT_READ_ONLY_ROOT_FILESYSTEM]
   --kubernetes-service_container_security_context-allow-privilege-escalation value           AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process [$KUBERNETES_SERVICE_CONTAINER_SECURITY_CONTEXT_ALLOW_PRIVILEGE_ESCALATION]
   --kubernetes-service_container_security_context-selinux-type value                         The SELinux type label that is associated with the container process
   --kubernetes-service_container_security_context-proc-mount value                           Denotes the type of proc mount to use for the container. Valid values: default | unmasked. Set to unmasked if this container will be used to build OCI images. [$KUBERNETES_SERVICE_CONTAINER_SECURITY_CONTEXT_PROC_MOUNT]
   --kubernetes-host_aliases value                                                            Add a custom host-to-IP mapping
   --kubernetes-cap-add value                                                                 Add Linux capabilities [$KUBERNETES_CAP_ADD]
   --kubernetes-cap-drop value                                                                Drop Linux capabilities [$KUBERNETES_CAP_DROP]
   --kubernetes-dns-policy value                                                              How Kubernetes should try to resolve DNS from the created pods. If unset, Kubernetes will use the default 'ClusterFirst'. Valid values are: none, default, cluster-first, cluster-first-with-host-net [$KUBERNETES_DNS_POLICY]
   --kubernetes-priority_class_name value                                                     If set, the Kubernetes Priority Class to be set to the Pods [$KUBERNETES_PRIORITY_CLASS_NAME]
   --custom-config-exec value                                                                 Executable that allows to inject configuration values to the executor [$CUSTOM_CONFIG_EXEC]
   --custom-config-args value                                                                 Arguments for the config executable
   --custom-config-exec-timeout value                                                         Timeout for the config executable (in seconds) [$CUSTOM_CONFIG_EXEC_TIMEOUT]
   --custom-prepare-exec value                                                                Executable that prepares executor [$CUSTOM_PREPARE_EXEC]
   --custom-prepare-args value                                                                Arguments for the prepare executable
   --custom-prepare-exec-timeout value                                                        Timeout for the prepare executable (in seconds) [$CUSTOM_PREPARE_EXEC_TIMEOUT]
   --custom-run-exec value                                                                    Executable that runs the job script in executor [$CUSTOM_RUN_EXEC]
   --custom-run-args value                                                                    Arguments for the run executable
   --custom-cleanup-exec value                                                                Executable that cleanups after executor run [$CUSTOM_CLEANUP_EXEC]
   --custom-cleanup-args value                                                                Arguments for the cleanup executable
   --custom-cleanup-exec-timeout value                                                        Timeout for the cleanup executable (in seconds) [$CUSTOM_CLEANUP_EXEC_TIMEOUT]
   --custom-graceful-kill-timeout value                                                       Graceful timeout for scripts execution after SIGTERM is sent to the process (in seconds). This limits the time given for scripts to perform the cleanup before exiting [$CUSTOM_GRACEFUL_KILL_TIMEOUT]
   --custom-force-kill-timeout value                                                          Force timeout for scripts execution (in seconds). Counted from the force kill call; if process will be not terminated, Runner will abandon process termination and log an error [$CUSTOM_FORCE_KILL_TIMEOUT]

上記コマンドだと、インタラクティブなのですが、コマンドラインだけでやる方法もあります。

gitlab-runner register --non-interactive --locked=false --url=<URL> --registration-token=<token> --name=container-runner --tag-list=tag-runner --executor=docker --docker-privileged=true --docker-image=docker:20.10.15-dind

Shell

で、参考にしたサイトは

https://e-penguiner.com/build-gitlab-runner-with-docker/

です。

実行すると、上記の場合は質問されないです。いろいろなサイトで見つけるやり方だといくつか質問をしてくるので、上記手順でメモした内容で答えていきます。

実行タイプはdockerを選んだほうがdocker上のGitLabに認識してもらえるので、いいかと思います。

質問結果は以下に保存されます。

/etc/gitlab-runner/config.toml

編集のために、コンテナの名前を確認します。

docker-compose ps

仮に、

gitlab-web-1

というコンテナ名でgitlabが動作していたとします。

docker exec -it gitlab-web-1 bash
cd /etc/gitlab-runner

テキストエディタのviがインストールされていないので、インストールします。

apt-get update
apt-get install vim

gitlab-runnerのサービスのインストール

gitlab-runner install --user=gitlab-runner --working-directory=/home/gitlab-runner

実行は、

gitlab-runner run &

です。

停止は、

gitlab-runner stop

です。

GitLabでSpecific Runnerが表示されたあと何をするのか?

GitLab.comではShared Runnerは限定されますが、オンプレミスGitLabではShared RunnerとSpecific Runnerの両方が利用可能であり、全体的に共有されたRunnerの設定が便利です。

Shared Runnerの設定

gitlab-runner registerで利用するトークンの取得

GitLabのどこで、トークンを取得できるかというと、[Menu] > [Admin] を選択し,[Overview] > [Runner]を選択します

specific_token.png

右上の「Register an instance runner」ボタンをクリックすると、gitlab-runner registerで利用するトークンを取得することができます。

gitlab-runner registerでのrunner登録例

dockerのgitlab-runnerコンテナ名がroot-runner-1だった場合のrunner登録例です

docker exec -it root-runner-1 gitlab-runner register --non-interactive --locked=false --url=<URL> --registration-token=<token> --name=container-runner --tag-list=tag-runner --executor=docker --docker-privileged=true --docker-image=docker:20.10.15-dind

2つ目のrunnerの追加は以下のようにやってみました。

[root@localhost gitlab]# docker exec -it gitlab-runner $gitlab_runner_container register --non-interactive --locked=false --url=$gtilab_url --registration-token=$gitlab_runner_token --name=$container_runner --tag-list=$tag_list --executor=docker --docker-privileged=true --docker-image=docker:20.10.15-dind
Runtime platform                                    arch=amd64 os=linux pid=61 revision=dcfb4b66 version=15.10.1
Running in system-mode.

WARNING: Support for registration tokens and runner parameters in the 'register' command has been deprecated in GitLab Runner 15.6 and will be replaced with support for authentication tokens. For more information, see https://gitlab.com/gitlab-org/gitlab/-/issues/380872
Registering runner... succeeded                     runner=xxxx
Runner registered successfully. Feel free to start it, but if it's running already the config should be automatically reloaded!

Configuration (with the authentication token) was saved in "/etc/gitlab-runner/config.toml"
[root@localhost gitlab]# docker exec -it gitlab-runner gitlab-runner list
Runtime platform                                    arch=amd64 os=linux pid=71 revision=dcfb4b66 version=15.10.1
Listing configured runners                          ConfigFile=/etc/gitlab-runner/config.toml
container-runner                                    Executor=docker Token=xxxx URL=http://xxxx:xxxx/
container-runner-2                                  Executor=docker Token=xxxx URL=http://xxxx:xxx/

CI/CDの実行

GitLabで、runnerの実行ユーザを設定する

GitLabのrunnerの実行ユーザは設定できます。

Advanced configuration

https://gitlab-docs.creationline.com/runner/configuration/advanced-configuration.html

設定ファイルは、それぞれのrunnerのdockerコンテナごとにあるような感じです。

設定ファイルの場所は、もしrootで実行しているならば、

/etc/gitlab-runner/config.toml

にあるし、rootでの実行ではないならば、それぞれのユーザの

~/.gitlab-runner/config.toml

にあります。

gitlab-runnerをdockerのイメージで実行している場合は、viエディタがインストールされていませんので、以下のコマンドでインストールする必要があります。

apt-get update
apt-get install vim

[runners.docker]

のuserを設定します gitlab-runnerのコンテナですでに以下のユーザが登録されています。

gitlab-runner

HelloWorld?的な簡単な設定ファイル

まずは、設定があっていれば必ず成功するレベルの簡単な自動実行をチュートリアルとしてやってみます。

以下の設定ファイルが簡単な設定ファイルと、紹介サイト(https://e-penguiner.com/build-gitlab-runner-with-docker/)には書いてありました。

シンプルな.gitlab-ci.yml

image: docker:20.10.15

services:
  - docker:20.10.15-dind

variables:
  DOCKER_DRIVER: overlay2
  DOCKER_TLS_CERTDIR: ""

before_script:
  - docker info

test_ci:
  script:
    - docker pull alpine:latest
    - docker run alpine:latest cat /etc/alpine-release
  tags:
    - tag-runner

.gitlab-ci.ymlの実行のさせ方

ブランチを作って、上記ファイルを含むマージリクエストを作った時点で、動作するようになります。

このyamlファイルの仕様については、以下が元の記事らしいのですが、わかりにくいので、ほかの記事も参考にしていきましょう。

参考記事

本家

https://gitlab-docs.creationline.com/ee/ci/yaml/

はじめてのGitLab-CI

https://qiita.com/yurano/items/a7804d987ccff37b1a9d

JHipsterでのCI/CDの記事

https://www.jhipster.tech/setting-up-ci/#what-cicd-pipeline-do-you-want-to-generate-

jhipsterの7.9.3のdockerfile

https://hub.docker.com/layers/jhipster/jhipster/v7.9.3/images/sha256-0878e0666e88451f3487abc2bf4417368daa86d9d93e0dd659f93ce1e89161cc?context=explore


添付ファイル: filespecific_token.png 39件 [詳細]
トップ   編集 凍結 差分 バックアップ 添付 複製 名前変更 リロード   新規 一覧 単語検索 最終更新   ヘルプ   最終更新のRSS
Last-modified: 2023-04-27 (木) 11:45:26 (301d)